UDP-based Transport for Configured
SubscriptionsHuawei101 Yu-Hua-Tai Software RoadNanjingJiangsuChinazhengguangying@huawei.comHuawei156 Beiqing Rd., Haidian DistrictBeijingChinazhoutianran@huawei.comSwisscomBinzring 17Zuerich 8045Switzerlandthomas.graf@swisscom.comINSA-LyonLyonFrancepierre.francois@insa-lyon.frINSA-LyonLyonFrancealex.huang-feng@insa-lyon.frNTTSiriusdreef 70-72Hoofddorp, WT 2132NLpaolo@ntt.netNETCONFThis document describes an UDP-based notification mechanism to
collect data from networking devices. A shim header is proposed to
facilitate the data streaming directly from the publishing process on
network processor of line cards to receivers. The objective is to
provide a lightweight approach to enable higher frequency and less
performance impact on publisher and receiver processes compared to
already established notification mechanisms.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14
when, and only when, they appear in all capitals, as shown here.Sub-Notif defines a mechanism that lets
a receiver subscribe to the publication of YANG-defined data maintained
in a YANG datastore. The mechanism
separates the management and control of subscriptions from the transport
used to deliver the data. Three transport mechanisms, namely NETCONF transport, RESTCONF transport, and HTTPS transport have been
defined so far for such notification messages.While powerful in their features and general in their architecture,
the currently available transport mechanisms need to be complemented to
support data publications at high velocity from devices that feature a
distributed architecture. The currently available transports are based
on TCP and lack the efficiency needed to continuously send notifications
at high velocity.This document specifies a transport option for Sub-Notif that
leverages UDP. Specifically, it facilitates the distributed data
collection mechanism described in . In the case of publishing
from multiple network processors on multiple line cards, centralized
designs require data to be internally forwarded from those network
processors to the push server, presumably on a route processor, which
then combines the individual data items into a single consolidated
stream. The centralized data collection mechanism can result in a
performance bottleneck, especially when large amounts of data are
involved.What is needed is a mechanism that allows for directly publishing
from multiple network processors on line cards, without passing them
through an additional processing stage for internal consolidation. The
proposed UDP-based transport allows for such a distributed data
publishing approach.Firstly, a UDP approach reduces the burden of maintaining a large
amount of active TCP connections at the receiver, notably in cases
where it collects data from network processors on line cards from a
large amount of networking devices.Secondly, as no connection state needs to be maintained, UDP
encapsulation can be easily implemented by the hardware of the
publication streamer, which will further improve performance.Ultimately, such advantages allow for a larger data analysis
feature set, as more voluminous, finer grained data sets can be
streamed to the receiver.The transport described in this document can be used for transmitting
notification messages over both IPv4 and IPv6.This document describes the notification mechanism. It is intended to
be used in conjunction with , extended by . describes the control of the proposed
transport mechanism. details the
notification mechanism and message format.
describes the use of options in the notification message header. covers the applicability of the proposed
mechanism. describes a mechanism to
secure the protocol in open networks.This section describes how the proposed mechanism can be controlled
using subscription channels based on NETCONF or RESTCONF.Following the usual approach of Sub-Notif, configured subscriptions
contain the location information of all the receivers, including the IP
address and the port number, so that the publisher can actively send
UDP-Notif messages to the corresponding receivers.Note that receivers MAY NOT be already up and running when the
configuration of the subscription takes effect on the monitored device.
The first message MUST be a separate subscription-started notification
to indicate the Receiver that the stream has started flowing. Then, the
notifications can be sent immediately without delay. All the
subscription state notifications, as defined in , MUST be encapsulated in separate notification
messages.In this section, we specify the UDP-Notif Transport behavior. describes the general design of the solution.
specifies the UDP-Notif message format.
describes a generic optional sub TLV
format. uses such options to provide
a segmentation solution for large UDP-Notif message payloads. describes the encoding of the message
payload.As specified in Sub-Notif, the telemetry data is encapsulated in
the NETCONF/RESTCONF notification message, which is then encapsulated
and carried using transport protocols such as TLS or HTTP2. This
document defines a UDP based transport. illustrates the structure of an UDP-Notif
message.The Message Header contains information that facilitate the
message transmission before deserializing the notification
message.Notification Message is the encoded content that the
publication stream transports. The common encoding methods
are listed in . describes the
structure of the Notification Message for single notifications and
bundled notifications.The UDP-Notif Message Header contains information that facilitate
the message transmission before deserializing the notification
message. The data format is shown in .The Message Header contains the following field:Ver represents the PDU (Protocol Data Unit) encoding version.
The current version value is 1.S represents the space of media type specified in the MT field.
When S is unset, MT represents the standard media types as defined
in this document. When S is set, MT represents a private space to
be freely used for non standard encodings.MT is a 4 bit identifier to indicate the media type used for
the Notification Message. 16 types of encoding can be expressed.
When the S bit is unset, the following values apply:0: Reserved;1: application/yang-data+json 2: application/yang-data+xml 3: application/yang-data+cbor Header Len is the length of the message header in octets,
including both the fixed header and the options.Message Length is the total length of the message within one
UDP datagram, measured in octets, including the message
header.Observation-Domain-ID is a 32-bit identifier of the Observation
Domain that led to the production of the notification message, as
defined in . This allows
disambiguation of an information source, such as the
identification of different line cards sending the notification
messages. The source IP address of the UDP datagrams SHOULD NOT be
interpreted as the identifier for the host that originated the
UDP-Notif message. Indeed, the streamer sending the UDP-Notif
message could be a relay for the actual source of data carried
within UDP-Notif messages.The Message ID is generated continuously by the publisher of
UDP-Notif messages. Different subscribers share the same Message
ID sequence.Options is a variable-length field in the TLV format. When the
Header Length is larger than 12 octets, which is the length of the
fixed header, Options TLVs follow directly after the fixed message
header (i.e., Message ID). The details of the options are
described in .UDP-Notif message data can be encoded in CBOR, XML or JSON format.
It is conceivable that additional encodings may be supported in the
future. This can be accomplished by augmenting the subscription data
model with additional identity statements used to refer to requested
encodings.Private encodings can be supported through the use of the S bit of
the header. When the S bit is set, the value of the MT field is left
to be defined and agreed upon by the users of the private encoding. An
option is defined in for more verbose
encoding descriptions than what can be described with the MT
field.Implementation MAY support multiple encoding methods per
subscription. When bundled notifications are supported between the
publisher and the receiver, only subscribed notifications with the
same encoding can be bundled in a given message.All the options are defined with the following format, illustrated in
.Type: 1 octet describing the option type;Length: 1 octet representing the total number of octets in the
TLV, including the Type and Length fields;Variable-length data: 0 or more octets of TLV Value.When more than one option are used in the UDP-notif header, options
MUST be ordered by the Type value.The UDP payload length is limited to 65535. Application level
headers will make the actual payload shorter. Even though binary
encodings such as CBOR may not require more space than what is left,
more voluminous encodings such as JSON and XML may suffer from this
size limitation. Although IPv4 and IPv6 publishers can fragment
outgoing packets exceeding their Maximum Transmission Unit(MTU),
fragmented IP packets may not be desired for operational and
performance reasons.Consequently, implementations of the mechanism SHOULD provide a
configurable max-segment-size option to control the maximum size of a
payload.The Segmentation Option is to be included when the message content
is segmented into multiple pieces. Different segments of one message
share the same Message ID. An illustration is provided in . The fields of this TLV are:Type: Generic option field which indicates a Segmentation
Option. The Type value is to be assigned TBD1.Length: Generic option field which indicates the length of this
option. It is a fixed value of 4 octets for the Segmentation
Option.Segment Number: 15-bit value indicating the sequence number of
the current segment. The first segment of a segmented message has
a Segment Number value of 0.L: is a flag to indicate whether the current segment is the
last one of the message. When 0 is set, the current segment is not
the last one. When 1 is set, the current segment is the last one,
meaning that the total number of segments used to transport this
message is the value of the current Segment Number + 1.An implementation of this specification MUST NOT rely on IP
fragmentation by default to carry large messages. An implementation of
this specification MUST either restrict the size of individual
messages carried over this protocol, or support the segmentation
option.When a message has multiple options and is segmented using the
described mechanism, all the options MUST be present on the first
segment ordered by the options Type. The rest of segmented messages
MAY include all the options ordered by options type.The space to describe private encodings in the MT field of the
UDP-Notif header being limited, an option is provided to describe
custom encodings. The fields of this option are as follows.Type: Generic option field which indicates a Private Encoding
Option. The Type value is to be assigned TBD2.Length: Generic option field which indicates the length of this
option. It is a variable value.Enc. Descr: The description of the private encoding used for
this message. The values to be used for such private encodings is
left to be defined by the users of private encodings.This option SHOULD only be used when the S bit of the header is
set, as providing a private encoding description for standard
encodings is meaningless.In this section, we provide an applicability statement for the
proposed mechanism, following the recommendations of .The proposed mechanism falls in the category of UDP applications
"designed for use within the network of a single network operator or on
networks of an adjacent set of cooperating network operators, to be
deployed in controlled environments", as defined in . Implementations of the proposed
mechanism SHOULD thus follow the recommendations in place for such
specific applications. In the following, we discuss recommendations on
congestion control, message size guidelines, reliability considerations
and security considerations.The proposed application falls into the category of applications
performing transfer of large amounts of data. It is expected that the
operator using the solution configures QoS on its related flows. As
per , such applications MAY choose not to
implement any form of congestion control, but follow the following
principles.It is NOT RECOMMENDED to use the proposed mechanism over
congestion-sensitive network paths. The only environments where
UDP-Notif is expected to be used are managed networks. The deployments
require that the network path has been explicitly provisioned to
handle the traffic through traffic engineering mechanisms, such as
rate limiting or capacity reservations.Implementation of the proposal SHOULD NOT push unlimited amounts of
traffic by default, and SHOULD require the users to explicitly
configure such a mode of operation.Burst mitigation through packet pacing is RECOMMENDED. Disabling
burst mitigation SHOULD require the users to explicitly configure such
a mode of operation.Applications SHOULD monitor packet losses and provide means to the
user for retrieving information on such losses. The UDP-Notif Message
ID can be used to deduce congestion based on packet loss detection.
Hence the receiver can notify the device to use a lower streaming
rate. The interaction to control the streaming rate on the device is
out of the scope of this document. recommends not to rely on IP fragmentation
for messages whose size result in IP packets exceeding the MTU along
the path. The segmentation option of the current specification permits
segmentation of the UDP Notif message content without relying on IP
fragmentation. Implementation of the current specification SHOULD
allow for the configuration of the MTU.The target application for UDP-Notif is the collection of
data-plane information. The lack of reliability of the data streaming
mechanism is thus considered acceptable as the mechanism is to be used
in controlled environments, mitigating the risk of information loss,
while allowing for publication of very large amounts of data.
Moreover, in this context, sporadic events when incomplete data
collection is provided is not critical for the proper management of
the network, as information collected for the devices through the
means of the proposed mechanism is to be often refreshed.A receiver implementation for this protocol SHOULD deal with
potential loss of packets carrying a part of segmented payload, by
discarding packets that were received, but cannot be re-assembled as a
complete message within a given amount of time. This time SHOULD be
configurable.In open or unsecured networks, UDP-notif messages MUST be secured
or encrypted. In this section, a mechanism using DTLS 1.3 to secure
UDP-notif protocol is presented. The following sections defines the
requirements for the implementation of the secured layer of DTLS for
UDP-notif. No DTLS 1.3 extensions are defined nor needed.The DTLS 1.3 protocol is
designed to meet the requirements of applications that need to secure
datagram transport. Implementations using DTLS to secure UDP-notif
messages MUST use DTLS 1.3 protocol as defined in
without any new extensions.When this security layer is used, the Publisher MUST always be a
DTLS client, and the Receiver MUST always be a DTLS server. The
Receivers MUST support accepting UDP-notif Messages on the specified
UDP port, but MAY be configurable to listen on a different port. The
Publisher MUST support sending UDP-notif messages to the specified UDP
port, but MAY be configurable to send messages to a different port.
The Publisher MAY use any source UDP port for transmitting
messages.The Publisher initiates a DTLS connection by sending a DTLS
ClientHello to the Receiver. Implementations MAY support the denial
of service countermeasures defined by DTLS 1.3. When these
countermeasures are used, the Receiver responds with a DTLS
HelloRetryRequest containing a stateless cookie. The Publisher MUST
send a new DTLS ClientHello message containing the received cookie,
which initiates the DTLS handshake.When DTLS is implemented, the Publisher MUST NOT send any
UDP-notif messages before the DTLS handshake has successfully
completed. Early data mechanism (also known as 0-RTT data) as defined in
MUST NOT be used.Implementations of this security layer MUST support DTLS 1.3
and MUST support the
mandatory to implement cipher suite TLS_AES_128_GCM_SHA256 and
SHOULD implement TLS_AES_256_GCM_SHA384 and
TLS_CHACHA20_POLY1305_SHA256 cipher suites, as specified in TLS 1.3
. If additional cipher suites are supported,
then implementations MUST NOT negotiate a cipher suite that employs
NULL integrity or authentication algorithms.Where privacy is REQUIRED, then implementations must either
negotiate a cipher suite that employs a non-NULL encryption
algorithm or otherwise achieve privacy by other means, such as a
physically secured network.When DTLS is used, all UDP-notif messages MUST be published as
DTLS "application_data". It is possible that multiple UDP-notif
messages are contained in one DTLS record, or that a publication
message is transferred in multiple DTLS records. The application
data is defined with the following ABNF
expression:APPLICATION-DATA = 1*UDP-NOTIF-FRAMEUDP-NOTIF-FRAME = MSG-LEN SP UDP-NOTIF-MSGMSG-LEN = NONZERO-DIGIT *DIGITSP = %d32NONZERO-DIGIT = %d49-57DIGIT = %d48 / NONZERO-DIGITUDP-NOTIF-MSG is defined in .The Publisher SHOULD attempt to avoid IP fragmentation by using
the Segmentation Option in the UDP-notif message.A Publisher MUST close the associated DTLS connection if the
connection is not expected to deliver any UDP-notif Messages later.
It MUST send a DTLS close_notify alert before closing the
connection. A Publisher (DTLS client) MAY choose to not wait for the
Receiver's close_notify alert and simply close the DTLS connection.
Once the Receiver gets a close_notify from the Publisher, it MUST
reply with a close_notify.When no data is received from a DTLS connection for a long time,
the Receiver MAY close the connection. Implementations SHOULD set
the timeout value to 10 minutes but application specific profiles
MAY recommend shorter or longer values. The Receiver (DTLS server)
MUST attempt to initiate an exchange of close_notify alerts with the
Publisher before closing the connection. Receivers that are
unprepared to receive any more data MAY close the connection after
sending the close_notify alert.Although closure alerts are a component of TLS and so of DTLS,
they, like all alerts, are not retransmitted by DTLS and so may be
lost over an unreliable network.The YANG model defined in has four
leaves augmenting the model of Sub-Notif, and one presence container to configure
DTLS1.3 encryption parameters.
This YANG module is used to configure, on a publisher, a receiver
willing to consume notification messages. This module augments
the "ietf-subscribed-notifications" module to define a transport
specific receiver and uses tls-client-grouping defined in to add DTLS 1.3
parameters.
This document describes a number of new registries, the URI from IETF
XML Registry and the registration of a new YANG module name.This document is creating 3 registries called "UDP-notif media types",
"UDP-notif option types", and "UDP-notif header version" under the new
group "UDP-notif protocol". The registration procedure is made using
the Standards Action process defined in .The first requested registry is the following:These are the initial registrations for "UDP-notif media types":The second requested registry is the following:These are the initial registrations for "UDP-notif options
types":The third requested registry is the following:These are the initial registrations for "UDP-notif header
version":IANA is also requested to assign a new URI from the IETF XML Registry. The following URI is
suggested:This document also requests a new YANG module name in the YANG Module Names registry with the following
suggestion: states that "UDP applications that need to
protect their communications againts eavesdropping, tampering, or
message forgery SHOULD employ end-to-end security services provided by
other IETF protocols". As mentioned above, the proposed mechanism is
designed to be used in controlled environments, as defined in also known as "limited domains", as defined in
. Thus, a security layer is not necessary
required. Nevertheless, a DTLS layer MUST be implemented in open or
unsecured networks. A specification of udp-notif using DTLS is presented
in .The authors of this documents would like to thank Alexander Clemm,
Eric Voit, Huiyang Yang, Kent Watsen, Mahesh Jethanandani, Marco Tollini,
Stephane Frenot, Timothy Carey, Tim Jenkins and Yunan Gu for their
constructive suggestions for improving this document.